Nulog is a PHP interface for the MySQL plugin for the ulogd netfilter log daemon and for NuFW SQL logging.
Nulog uses this interface to display security events in real-time on a user-friendly interface.
Here are some key features of "Nulog":
· show the last hosts that sent packets that got blocked by your firewall.
· show the last ports that hosts tried to open.
· search for packets logged from an host.
· search for packets logged for a given port.
· search for packets logged for a given user.
Settings up the database
To use it, create a mysql database ulogd, tape as root :
mysqladmin create ulogd
Next, populate the database using ulogd.mysqldump :
cat ulogd.mysqldump | mysql -u USER -p ulogd
Put your user and password in include/require.inc.
The database is not the standard mysql database for ulogd. It add a few tables and indexes to have thing work fast.
Settings up netfilter
If you don�t use EdenWall or NuFW, you need to configure your netfilter installation.
Now you can log into the database. To log bad packet you have to use use ULOG
iptables -A FORWARD -j ULOG --ulog-nlgroup 1 --ulog-prefix "badif"
What's New in This Release:
· This release can use MySQL triggers instead of PHP code to compute statistical data.